Cloud Services and Business Process Outsourcing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cloud Services and Business Process Outsourcing"

Transcription

1 Cloud Services and Business Process Outsourcing What security concerns surround Cloud Services and Outsourcing? Prepared for the Western NY ISACA Conference April

2 Presenter Kevin Wilkins, CISSP Chief Technology Officer, isecure LLC Kevin Wilkins is the Chief Technology Officer (CTO) at isecure LLC. Mr. Wilkins oversees the implementations of Network Security product portfolios specializing in the heavily regulated environments such as PCI, SOX, HIPPA/HITECH. Mr. Wilkins has been in the IT industry since 1998 and has had extensive operational experience in Network Engineering, Systems Administration, Telecommunications, and Information Security.

3 Abstract Businesses have been outsourcing various processes and services for many years. Recently, IT services and applications have been moved to "The Cloud". What are the benefits and risks in utilizing outside parties vs. direct hires and internal infrastructure? What are some considerations in making a move to The Cloud safely?

4 Audience Corporate/Information Security Officers Business Managers IT Administrators

5 What is Outsourcing in general? Take a business process - anything really - and pay a outside party to help. Strictly Business Examples: Accountancy, Legal, Personnel and Hiring. IT Examples: Voice Communications, WAN Management, , Web Hosting, Public DNS, CRM, Data Backups, Data Storage and Accessibility.

6 Why Outsource? Outsourcing allows a company to focus on their core competencies without requiring the specialized IT knowledge and infrastructure be maintained in-house. While you specialize in manufacturing, or finance, an outside party can specialize in the business support services you need. Consultants can work on an as-needed basis instead of carrying the expense of a full-time hire.

7 Why Outsource? Outsourcing a business function can introduce better scalability and elastic resources. There is an economic advantage in sharing a larger system. Capital expense related to equipment purchases and maintenance can be converted to a monthly payment covering exactly what you need.

8 What is The Cloud? The Cloud usually applies to the outsourcing of IT Operations. The Cloud generally means obtaining Data Handling or Application Delivery from an outside party. The other common Silos of Infrastructure and People are often involved. This relates to the 3 rd party management of on-site systems and network components.

9 Is The Cloud new? Only in name! PBX/Telephone functions have been outsourced via Centrex and VOIP. Traditional ISPs have hosted , Web Hosting, DNS, etc. for decades. There has been a shift to ISPs specializing on Communications Infrastructure while letting others specialize on the Application and Data side.

10 I'm pretty sure The Cloud is new. OK, so it is. The variety, accessibility, and scalability of IT functions which can be outsourced continues to grow. The variety of business operations that can push their Data and Applications to a Hosted environment also grows.

11 Great, I want it! Cool, but did you ask your CSO?

12 Our friendly CISSP says that good security is centered around the following Confidentiality Is your data private? Integrity Is your data intact, and protected from modification, damage or destruction? Availability Can you use your data or application where and when you need it?

13 What are some concerns with Outsourcing? Other People have access to your Data - how are they held accountable for it? This might include Accounting Data, Customer Contacts, Strategic Information, Trade Secrets, and Sensitive Communications. This might also include access to your Network and Internal Systems in the case of Managed Services.

14 What are some concerns with Cloud Service providers? Cloud Based data and applications may be globally accessible to remote workers, but also exposed to attack by outside parties. Can the Cloud Service send you security logs and reports in regards to access attempts and failures, and notify you in the event of an attack or a breach?

15 What are some concerns with Cloud Service providers? Does your Cloud service support Data Loss Prevention (DLP) functionality? What if the data is lost (as in destroyed) or disclosed (stolen or leaked) to unauthorized parties?

16 What are some concerns with Cloud Service providers? The Data and Applications are off-site, which could lead to Accessibility issues if your Internet connections go down. What happens if the entire Cloud Service provider were to go out of business?

17 Data Ownership in The Cloud Some Cloud Services claim ownership or usage rights to your data. For example, YouTube will claim rights to repackage, distribute, or sell anything you upload for their own benefit. Amazon Web Services explicitly protects your rights to your intellectual property in their EULA. What happens to data when an employee buys a Cloud Service for your company, but uses a personal credit card and identity information to set up the account? What happens if this account is used to host Company data, but the employee leaves the Company?

18 Mobility and BYOD As previously mentioned, moving data to Cloud Service can simplify access by remote workers. Remote Access can be related to Mobile Access, but that s a different presentation! And don t get me started on Bring Your Own Device (BYOD) The relationships of BYOD, Mobile, and Cloud can be discussed during Q/A at the end of this presentation.

19 Jeez, what else? Many cloud providers will limit their liability in the event of downtime, data loss, or compromise. The ability to directly manage a service outage is limited. You can call support, but often answers are not forthcoming. This can be frustrating, especially if a critical service is offline. The ability to customize may be limited. It Is What It Is. You may only see new capabilities as part of the Cloud Service providers development roadmap, not your own requirements.

20 What can be done internally to mitigate security concerns when Outsourcing? Maintain a local backup copy of your data. Have Business Continuity and Disaster Recovery plans if the Cloud service suffers a serious issue. Prepare a Cloud Exit Strategy including a process, hardware / software manifest, and projected costs.

21 What can be done to secure your data that s been entrusted to outside parties and accessible via Public Internet? Crypto fairy-dust goes a long way. There are 3 rd party solutions on the market that can encrypt your data in transit to a Cloud based provider and provide decryption services when the data is retrieved.

22 What can be done to secure your data that s been entrusted to outside parties and accessible via Public Internet? Some Cloud providers provide encryption of Customer data while in storage and in use, and provide ability for the Customer to control the encryption keys. This provides an assurance that employees of the Cloud provider or other outside parties cannot read your data.

23 What can be done to secure your data that s been entrusted to outside parties and accessible via Public Internet? Single Sign On (SSO) can tie independent Cloud Provider authentication mechanisms into a single login associated with your Active Directory system. This greatly simplifies password management. SSO service providers can also extend the functionality of a Cloud Provider with additional security controls (Time of Day, Geographical ID, DLP, Device Restrictions) and auditing.

24 How can a relationship with a Cloud-based provider be managed in order to limit risk? Consider a requirement that the Cloud Service provider release your data in a common and portable format on demand. Avoid vendor lock-in. Easy access to raw data may also prove important when dealing with legal and e-discovery issues. Ensure that the Cloud Service provider has the required level of compliance and governance for the security of your data.

25 How can a relationship with a Cloud-based provider be managed in order to limit risk? Ensure that the Cloud Service provider has a Business Continuity Plan and Disaster Recovery strategy with stated Service Level Agreements for restoration or customer compensation/remedy. Read the EULAs and Contracts very carefully. If the stakes are high, try to negotiate the terms.

26 How can a relationship with a Cloud-based provider be managed in order to limit risk? Depending on the level of exposure, treat Outsourced and Cloud Services providers like any other business partner. Perform as much vetting as you might give an accountant or lawyer. Consider a Bonded agreement to ensure proper care and accountability, or verification of an insurance policy to cover potential losses. Consider requiring 3 rd party audits of a Cloud Service provider s practices.

27 A Scary Story Nirvanix, a cloud-storage company, announces a termination of operations. Customers had two weeks to move their data. Uploads were disabled immediately. This affects both independent customers as well as strategic partnerships with IBM SmartCloud and other major players such as Dell, HP, and Symantec.

28 A Scary Story An outside company providing HVAC management services was implicated in the Target breach. The HVAC company had been granted excessive access to Target s network. When their own systems and credentials had been compromised, Target was left vulnerable. Do we blame Target, or the HVAC company?

29 Some thoughts regarding Over- Dependence on Outsourcing Outside consultants and managed service providers may not have the same personal investment in an organization versus a full-time employee. To an outsourcing provider, you are just another customer while an employee s dedication and behavior has a direct impact on himself, his company, and his fellow employees.

30 Some thoughts regarding Over- Dependence on Outsourcing An outside consultant, MSP, or Cloud Service provider might not have the desire or latitude to go the extra mile. Contractual agreements might prohibit a 3 rd party employee from providing assistance not defined in the SLA without approval from management. This is due to both pricing and liability concerns.

31 Some thoughts regarding Over- Dependence on Outsourcing An over dependence on outsourcing can result in a braindrain within your own organization. A day might come when you have insufficient technical knowledge within your organization to effectively manage a vendor, understand the service they offer, and deal with integration issues. This is compounded when interoperability issues occur between your multiple service providers.

32 I get it. You hate The Cloud. No. The Cloud is cool and can make your life easier. But Cloud Service is a buzzword and providers make it very easy to launch into. When there are problems, it s a long way down. When properly managed, you can achieve economical access to specialized and scalable services while maintaining operational stability and security of data.

33 In Summary Business Process Outsourcing and use of Cloud Services has proven benefits and is common practice. Conduct careful planning regarding how services will be used, how to manage problems, and build policies defining what data is acceptable for use in The Cloud. Structure your agreements with Cloud Service partners in such a way that carries assurances of accountability, liability, compliance, ownership, and smooth disengagement when the term of service has ended.

34 Questions and Answers

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise

Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise Protection as a Priority TM Keep Your Data Secure in the Cloud to ensure your online data is protected from compromise Abstract The headlines have been dominated lately with massive data breaches exposing

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

What s the Path? Information Life-cycle part of Vendor Management

What s the Path? Information Life-cycle part of Vendor Management Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Four Things You Must Do Before Migrating Archive Data to the Cloud

Four Things You Must Do Before Migrating Archive Data to the Cloud Four Things You Must Do Before Migrating Archive Data to the Cloud The amount of archive data that organizations are retaining has expanded rapidly in the last ten years. Since the 2006 amended Federal

More information

QuickBooks Online: Security & Infrastructure

QuickBooks Online: Security & Infrastructure QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...

More information

Debunking Security Concerns with Hosted Call Centers

Debunking Security Concerns with Hosted Call Centers Debunking Security Concerns with Hosted Call Centers TABLE OF CONTENTS Executive Summary The Changing Call Center Landscape Identifying and Mitigating Security Risks a. Data b. Applications c. Disaster

More information

Session 11 : (additional) Cloud Computing Advantages and Disadvantages

Session 11 : (additional) Cloud Computing Advantages and Disadvantages INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud

More information

CUSTOMER CASE STUDIES: HIPAA COMPLIANT HOSTING

CUSTOMER CASE STUDIES: HIPAA COMPLIANT HOSTING CUSTOMER CASE STUDIES: HIPAA COMPLIANT HOSTING At Connectia, integrity is everything. From our people to your data, we embrace integrity as our hallmark. That s why healthcare organizations, healthcare

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Supplier IT Security Guide

Supplier IT Security Guide Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA

More information

Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor. April 2014

Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor. April 2014 Building an Excellent Relationship with your Cloud-Based Contact Center Infrastructure Vendor April 2014 Sponsored by: - 1 - DMG Consulting LLC Table of Contents Introduction... 1 Cloud-Based Contact Center

More information

FOR THE FUTURE OF DATA CENTERS?

FOR THE FUTURE OF DATA CENTERS? WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? A WHITEPAPER BROUGHT TO YOU BY SEI WHAT DOES THE CLOUD MEAN FOR THE FUTURE OF DATA CENTERS? files via the Internet to a hard drive located in a

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

Cloud Computing for Small to Mid Size Businesses. Tech66, LLC William Burleson wcb@tech66.com www.tech66.com

Cloud Computing for Small to Mid Size Businesses. Tech66, LLC William Burleson wcb@tech66.com www.tech66.com Cloud Computing for Small to Mid Size Businesses Tech66, LLC William Burleson wcb@tech66.com www.tech66.com Why Tech66 and the Cloud? You want to focus on your core business, not on running your IT infrastructure

More information

Draft Information Technology Policy

Draft Information Technology Policy Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software

More information

Adopting Cloud Computing with a RISK Mitigation Strategy

Adopting Cloud Computing with a RISK Mitigation Strategy Adopting Cloud Computing with a RISK Mitigation Strategy TS Yu, OGCIO 21 March 2013 1. Introduction 2. Security Challenges Agenda 3. Risk Mitigation Strategy Before start using When using 4. Policy & Guidelines

More information

Security and Managed Services

Security and Managed Services iconnect Cloud Archive System Overview Security and Managed Services iconnect Cloud Archive (formerly known as Merge Honeycomb ) iconnect Cloud Archive offers cloud-based storage for medical images. Images

More information

BRING YOUR OWN DEVICE. Protecting yourself when employees use their own devices for business

BRING YOUR OWN DEVICE. Protecting yourself when employees use their own devices for business BRING YOUR OWN DEVICE Protecting yourself when employees use their own devices for business Bring Your Own Device: The new approach to employee mobility In business today, the value put on the timeliness

More information

Future- Building a. Business: The Ultimate Guide. Business to

Future- Building a. Business: The Ultimate Guide. Business to Building a Future- Proof Business: The Ultimate Guide to Moving Your Business to the Cloud Fluid IT Services 5601 Democracy Drive, Suite 265 Plano, TX 75024 Phone: (866) 523-6257 support@fluiditservices.com

More information

IBM Smartcloud Managed Backup

IBM Smartcloud Managed Backup IBM Smartcloud Managed Backup Service Definition 1 1. Summary 1.1 Service Description The IBM SmartCloud Managed Backup service provides public, private and hybrid cloudbased data protection solutions

More information

Please visit www.globaldatavault.com for complete details.

Please visit www.globaldatavault.com for complete details. 7 Reasons Why Data Center Customers Should Outsource Disaster Recovery By Global Data Vault Information Technology (IT) operations teams, whether inside the organizations they serve or working as service

More information

HIPAA Compliance for the Wireless LAN

HIPAA Compliance for the Wireless LAN White Paper HIPAA Compliance for the Wireless LAN JUNE 2015 This publication describes the implications of HIPAA (the Health Insurance Portability and Accountability Act of 1996) on a wireless LAN solution,

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October 2015. Page 1 of 9 Security CLOUD VIDEO CONFERENCING AND CALLING Whitepaper October 2015 Page 1 of 9 Contents Introduction...3 Security risks when endpoints are placed outside of firewalls...3 StarLeaf removes the risk with

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

Cloud Computing. Benefits and Risks. Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com

Cloud Computing. Benefits and Risks. Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com Cloud Computing Benefits and Risks Bill Wells, CISSP, CISM, CISA, CRISC, CIPP/IT bill.wells@transamerica.com 10/3/2012 1 Let s make sure we re all talking about the same thing. WHAT IS CLOUD COMPUTING?

More information

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility Your Guide to Cost, Security, and Flexibility What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility 10 common questions answered Over the last decade, cloud backup, recovery

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Managed Hosting & Datacentre PCI DSS v2.0 Obligations Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version

More information

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster WHITE PAPER: DON'T WAIT UNTIL IT'S TOO LATE: CHOOSE NEXT-GENERATION................. BACKUP........ TO... PROTECT............ Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your

More information

Shaping the Cloud for the Healthcare Industry

Shaping the Cloud for the Healthcare Industry Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as

More information

Things You Need to Know About Cloud Backup

Things You Need to Know About Cloud Backup Things You Need to Know About Cloud Backup Over the last decade, cloud backup, recovery and restore (BURR) options have emerged as a secure, cost-effective and reliable method of safeguarding the increasing

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Identity & Access Management in the Cloud: Fewer passwords, more productivity

Identity & Access Management in the Cloud: Fewer passwords, more productivity WHITE PAPER Strategic Marketing Services Identity & Access Management in the Cloud: Fewer passwords, more productivity Cloud services are a natural for small and midsize businesses, with their ability

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Governance of Outsourced IT Services. Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp.

Governance of Outsourced IT Services. Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp. Governance of Outsourced IT Services Donna Hutcheson, CISA Information Technology Audit Director Energy Future Holdings Corp. Topics Covered in This Session Common failures in governing outsourced IT services

More information

How cloud computing can transform your business landscape

How cloud computing can transform your business landscape How cloud computing can transform your business landscape Introduction It seems like everyone is talking about the cloud. Cloud computing and cloud services are the new buzz words for what s really a not

More information

Cloud models and compliance requirements which is right for you?

Cloud models and compliance requirements which is right for you? Cloud models and compliance requirements which is right for you? Bill Franklin, Director, Coalfire Stephanie Tayengco, VP of Technical Operations, Logicworks March 17, 2015 Speaker Introduction Bill Franklin,

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

Adobe Digital Publishing Security FAQ

Adobe Digital Publishing Security FAQ Adobe Digital Publishing Suite Security FAQ Adobe Digital Publishing Security FAQ Table of contents DPS Security Overview Network Service Topology Folio ProducerService Network Diagram Fulfillment Server

More information

FormFire Application and IT Security. White Paper

FormFire Application and IT Security. White Paper FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development

More information

Why You Should Consider the Cloud

Why You Should Consider the Cloud INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts

More information

Ensuring security the last barrier to Cloud adoption

Ensuring security the last barrier to Cloud adoption Ensuring security the last barrier to Cloud adoption Publication date: March 2011 Ensuring security the last barrier to Cloud adoption Cloud computing has powerful attractions for the organisation. It

More information

Facing Information Security Challenges

Facing Information Security Challenges AKTINA Event Information Security & Cloud Challenges March 17, 2016 Facing Information Security Challenges ISACA Cyprus Chapter Paschalis Pissarides CRISC, CISM, CISA Immediate Past President (2010-2014)

More information

Third Party Security: Are your vendors compromising the security of your Agency?

Third Party Security: Are your vendors compromising the security of your Agency? Third Party Security: Are your vendors compromising the security of your Agency? Wendy Nather, Texas Education Agency Michael Wyatt, Deloitte & Touche LLP TASSCC Annual Conference 3 August 2010 Agenda

More information

White Paper. Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria TABLE OF CONTENTS

White Paper. Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria TABLE OF CONTENTS White Paper Cloud vs. Colo: Colo Wins on 4 out of 5 Key Criteria of new security threats, hacking attacks and data breaches every week. Couple that with major service interruptions and outages experienced

More information

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012

A COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012 A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES

More information

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication

Cloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication Cloud Computing Secured Thomas Mitchell CISSP A Technical Communication Abstract With the migration to Cloud Computing underway in many organizations IT infrastructure, this will cause a paradigm shift

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

Service Description Dell Cloud Storage with Nirvanix Public Service

Service Description Dell Cloud Storage with Nirvanix Public Service Service Description Dell Cloud Storage with Nirvanix Public Service Introduction to Your Public Service Dell Cloud Storage with Nirvanix Public Service (the Service ) is a public, multi-tenant STorage

More information

YubiCloud OTP Validation Service. Version 1.2

YubiCloud OTP Validation Service. Version 1.2 YubiCloud OTP Validation Service Version 1.2 5/12/2015 Introduction Disclaimer Yubico is the leading provider of simple, open online identity protection. The company s flagship product, the YubiKey, uniquely

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

Presentation to the ACC Information Technology & Ecommerce Committee June 5, 2008

Presentation to the ACC Information Technology & Ecommerce Committee June 5, 2008 Cloud Computing: What to Ask When the Clouds Roll In Presentation to the ACC Information Technology & Ecommerce Committee June 5, 2008 Randall S. Parks and James A. Harvey, Partners and Co-Chairs, and

More information

Top 10 Risks in the Cloud

Top 10 Risks in the Cloud A COALFIRE PERSPECTIVE Top 10 Risks in the Cloud by Balaji Palanisamy, VCP, QSA, Coalfire March 2012 DALLAS DENVER LOS ANGELES NEW YORK SEATTLE Introduction Business leaders today face a complex risk question

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting

Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting Cloud security: A matter of trust? Dr Mark Ian Williams CEO, Muon Consulting I wandered lonely as a cloud... The academic, globe-trotting years: 1992 1993: Parallel software for PET scanner images in Geneva

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

THE PERSPECSYS KNOWLEDGE SERIES. Solving Privacy, Residency and Security in the Cloud. PerpecSys Inc. 2012. All rights reserved.

THE PERSPECSYS KNOWLEDGE SERIES. Solving Privacy, Residency and Security in the Cloud. PerpecSys Inc. 2012. All rights reserved. THE PERSPECSYS KNOWLEDGE SERIES Solving Privacy, Residency and Security in the Cloud Data Compliance and the Enterprise Cloud Computing is generating an incredible amount of excitement and interest from

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

A Guide to Ensuring Security and Resiliency

A Guide to Ensuring Security and Resiliency Protecting Your Business Network: A Guide to Ensuring Security and Resiliency Even as major news outlets continue to report new stories about massive security breaches at the world s largest companies,

More information

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham The dynamic provisioning of IT capabilities, whether hardware, software, or

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Applying Cryptography as a Service to Mobile Applications

Applying Cryptography as a Service to Mobile Applications Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

ELECTRONIC INFORMATION SECURITY A.R.

ELECTRONIC INFORMATION SECURITY A.R. A.R. Number: 2.6 Effective Date: 2/1/2009 Page: 1 of 7 I. PURPOSE In recognition of the critical role that electronic information systems play in City of Richmond (COR) business activities, this policy

More information

Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013

Public Cloud Service Agreements: What to Expect & What to Negotiate. April 2013 Public Cloud Service Agreements: What to Expect & What to Negotiate April 2013 The Cloud Standards Customer Council THE Customer s Voice for Cloud Standards! Provide customer-led guidance to the multiple

More information

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. MAJOR FINANCIAL SERVICES LEADER Top 5 Global Bank Selects Resolution1 for Cyber Incident Response. Automation and remote endpoint remediation reduce incident response (IR) times from 10 days to 5 hours.

More information

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud

Cloud Computing. Chapter 10 Disaster Recovery and Business Continuity and the Cloud Cloud Computing Chapter 10 Disaster Recovery and Business Continuity and the Cloud Learning Objectives Define and describe business continuity. Define and describe disaster recovery. Describe the benefits

More information

IBM Security Privileged Identity Manager helps prevent insider threats

IBM Security Privileged Identity Manager helps prevent insider threats IBM Security Privileged Identity Manager helps prevent insider threats Securely provision, manage, automate and track privileged access to critical enterprise resources Highlights Centrally manage privileged

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

The Benefits of Archiving and Seven Questions You Should Always Ask

The Benefits of Archiving and Seven Questions You Should Always Ask ArkivumLimited R21 Langley Park Way Chippenham Wiltshire SN15 1GE UK +44 1249 405060 info@arkivum.com @Arkivum arkivum.com The Benefits of Archiving and Seven Questions You Should Whitepaper 1 / 6 Introduction

More information

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

CyberSource Payment Security. with PCI DSS Tokenization Guidelines CyberSource Payment Security Compliance The PCI Security Standards Council has published guidelines on tokenization, providing all merchants who store, process, or transmit cardholder data with guidance

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged

More information

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013

CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013 CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

SELECTING AN ENTERPRISE-READY CLOUD SERVICE

SELECTING AN ENTERPRISE-READY CLOUD SERVICE 21 Point Checklist for SELECTING AN ENTERPRISE-READY CLOUD SERVICE Brought to you by Introduction The journey to the cloud is well underway, and it s easy to see why when 84% of CIOs report cutting application

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

Software As A Service

Software As A Service Software As A Service What Is ERP Hosting? Hosting is a software deployment and subscription model in which an application resides on the software provider s remote servers, rather than the customer s

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Why Consider Cloud-Based Applications?

Why Consider Cloud-Based Applications? Abstract Achieving success for today s compliance professional is both tougher and easier than ever. On one hand, there are more regulations and standards at almost every level, on the other, there are

More information